13 matches found

RedhatCVE
added 2026/02/19 7:28 a.m., 6 views

CVE-2026-2633

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...

CVSS 4.3, AI score 5.8, EPSS 0.00327
Exploits: 0, References: 1
ATTACKERKB
added 2023/06/13 5:15 p.m., 5 views

CVE-2023-31541

An unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server...

CVSS 9.8, AI score 7.4, EPSS 0.01781
Exploits: 1, References: 4
Snyk
added 2022/12/08 11:30 p.m., 2 views

Cross-site Scripting (XSS)

Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user-input sanitization in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occu...

CVSS 6.1, AI score 5.3, EPSS 0.00939
Exploits: 0, References: 2
OSV
added 2022/12/08 11:30 p.m., 29 views

GHSA-GG8R-XJWQ-4W92 Cross-site scripting vulnerability in TinyMCE alerts

Impact A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which presents these dialogs when certain...

CVSS 5.4, AI score 5.9, EPSS 0.00939
Exploits: 0, References: 8
Cvelist
added 2022/12/08 9:29 p.m., 34 views

CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts

tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...

CVSS 5.4, AI score 6.4, EPSS 0.00939
Exploits: 0, References: 6
OSV
added 2022/12/08 9:29 p.m., 20 views

CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts

tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...

CVSS 5.4, AI score 5.9, EPSS 0.00939
Exploits: 0, References: 8
Tenable Nessus
added 2019/05/02 12:0 a.m., 13 views

Fedora 30 : glpi (2019-e50f92e4c1)

Version 9.4.1.1 Non exhaustive list of changes : - security Bad chevrons rendering on dropdowns 5468 - security Iframe and forms are rendered in rich text contents 5519 - security Type juggling authentication bypass 5520 - security Malicious images upload 5580 - security Password token date was n...

AI score 5.5
Exploits: 0, References: 3
Tenable Nessus
added 2019/04/08 12:0 a.m., 11 views

Fedora 29 : glpi (2019-a66789a334)

Add security fix backported from 9.4 : - security Bad chevrons rendering on dropdowns 5468 - security Iframe and forms are rendered in rich text contents 5519 - security Type juggling authentication bypass 5520 - security Malicious images upload 5580 - security Password token date was not reset...

AI score 5.5
Exploits: 0, References: 1
OSV
added 2017/09/14 1:29 p.m., 3 views

CVE-2017-1002000

Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content...

CVSS 9.8, AI score 5.8, EPSS 0.27448
Exploits: 4, References: 5
CNVD
added 2017/07/13 12:0 a.m., 4 views

FineCMS Cross-Site Scripting Vulnerability (CNVD-2017-15547)

FineCMS is a content management system CMS developed using MVC architecture and PDO database interface. A cross-site scripting vulnerability exists in the application/core/controller/images.php file in FineCMS 2017-07-12 and earlier versions. A remote attacker can exploit this vulnerability to...

CVSS 5.4, AI score 5.9, EPSS 0.00614
Exploits: 1, References: 1
Prion
added 2007/07/26 7:30 p.m., 22 views

Design/Logic Flaw

epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information...

CVSS 6.8, AI score 8.2, EPSS 0.01165
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2007/07/26 7:0 p.m., 46 views

CVE-2007-4026

CVE-2007-4026 affects the Epesi framework prior to 0.8.6. The issue: improper verification of file extensions during the gallery images upload feature, enabling remote attackers to upload and execute arbitrary PHP code via unspecified vectors. Documents do not provide explicit exploit steps or af...

CVSS 6.8, AI score 7.7, EPSS 0.01165
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2007/07/26 7:0 p.m., 25 views

CVE-2007-4026

epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information...

AI score 7.7, EPSS 0.01165
Exploits: 0, References: 4